small-improvements

SUSPICIOUS: the skill's stated purpose is plausible, and the CLI comes from an official npm package, but the integration routes authentication and HR data through Membrane as a third-party intermediary rather than directly to Small Improvements. That data-flow mismatch and credential forwarding are the main concerns; this looks more like a managed gateway skill than a direct Small Improvements integration.